Chapter 11 Risk Management

Chapter 11 Risk Management
Risk management is an important aspect of the project management. Project risk can be defined as an unforeseen event or activity that can impact the project's progress, result or outcome in a positive or negative way. Generally, a risk can be assessed using two factors: probability and impact. Project risk management deals with the identification, assessment, and prioritization of risks followed by a coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events that can happen during a project. In this chapter we will cover the following topics: Project Risk Management Processes Project Risk Management Good Risk Management Practices Identify Risks Risk Identification Tools and Techniques Qualitative Risk Analysis Quantitative Risk Analysis Risk Response Planning Risk Monitoring & Control Let’s proceed to the chapter. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-1

Risk Management Contents
Risk Management Overview Risk Management processes Tools/techniques/methods utilized in each process The topics covered in this chapter are: Risk Management Overview Risk Management processes Tools, techniques, and methods utilized in each process PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-2

Risk Management Learning Objectives
By the end of this chapter, you should be able to: 1. Explain the importance of risk management on projects. 2. Name the Risk Management processes 3. Describe the tools and techniques used and activities involved in each process By the end of this chapter, you should be able to: Explain the importance of risk management on projects Name and understand the Risk Management processes Describe the tools and techniques used and activities involved in each process PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-3

Project Risk Management Processes
11.1 – Plan Risk Management 11.2 – Identify Risks 11.3 – Perform Qualitative Risk analysis This diagram is an overview of the project risk management process. Plan risk management is the process of identifying how to conduct risk management activities in a project. Planning risk management process is important to ensure that the degree, type, visibility of risk management is commensurate with both the risks and importance of the project to the organization. Identify risk is the process of determining which risks may affect the project and documenting their characteristics. It is an iterative process because new risk may evolve or become known as the project progresses. Perform qualitative risk analysis is the process of prioritizing risk for further analysis by assessing and combining their probability and impact. Perform quantitative risk analysis is the second level risk analysis process that numerically analyzes the effect of identified risks. Plan risk response process develops options and actions to enhance opportunities or good risks and reduce threat or bad risks after above analysis. In Monitor and control risks process, we deal with implementing response plan as well as tracking identified risks, searching new risks, monitoring residual risks with we will discuss later. 11.4 – Perform Quantitative Risk Analysis 11.6 – Control Risks 11.5 – Plan Risk Responses PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-4

Inov8Solutions Inc – Quality Educational Services For Professionals
Review Quiz Which one of the following is not a Risk Management process? Plan Risk Management Resolve Risks Perform Qualitative Risk Management Control Risks The correct answer is B. Resolve Risks is not one of the Risk Management processes. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-5

Project Risk Management
What is a Risk? Risk is the possibility of suffering loss, injury, disadvantage, or destruction. (Webster's Third New International Dictionary 1981) OR An undesired event as a result of uncertainty, complexity, constraint, or lack of resources – something that can go wrong Risk Characteristics A risk may or may not happen. There is some probability of it occurring If it is inevitable, it is not a risk a risk has unwanted consequences If there is no impact, its not a risk Let us begin by understanding what is a risk. It is the possibility of suffering loss, injury, disadvantage or destruction. It is an undesired event that happens due to uncertainty, complexity, constraint, or lack of resources. How can you tell if some event that has occurred is a risk? By assessing the probability and impact of the event. It is most likely a risk if the probability is greater than 1 and the impact will affect the Cost, Scope or the Timeline of the project. If something is inevitable, then it is not really a risk. If there is no impact of an undesired event, then it is not a risk either. Project managers find it very challenging to manage risk, because they do not get much time to plan for risk management. The best approach for Project managers to address risk planning is to address it by a step-by-step process. As we saw in a diagram earlier, first they must develop a risk management plan. Then identify potential risks. They should then do qualitative and quantitative analysis. And then plan risk responses and monitor and control. There are no guarantees for a project to be successful. Even the simplest activities can run into unexpected problems. When there is anything that might occur on a project and change outcome of project activities, we must treat that as risk. Risk can be an event or condition depends on the situation but it must be uncertain and have some impact if arrives. Risks are identified and managed starting in Initiating Process Group and are continuously kept up-to date or added to while the project is underway. Let us think for a moment about difference the between a risk and an event. A risk is something that could possible impact your project in the future. An issue is something that is impacting your project now. Both risk and issue management requires planning. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-6

Good Risk Management Practices
Be a good risk manager or you will become a good crisis manager (SITC) If you don't actively attack the risks, they will actively attack you. (Tom Gilb) Projects that don't manage risk are at risk (ICE Corp) Risk management is not free; prepare to commit resources, define a risk management process, and make a risk reserve available. Risk in itself is not bad; risk is essential to progress (Roger Van Scoy) These are some of the best practices for Risk Management. Being proactive in managing risk can reduce the impact of an uncertain event. Good Project Managers along with their team plan for risk pro-actively during the planning process to identify, prioritize and determine the rules for handing risk events should they occur during the project. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-7

Threats and Opportunities A risk event is something that is identified in advance that may or may not happen. If it does not happen it can have a positive or negative effect on the project A positive impact (good risks) risk is called “Opportunities”. Up to 90 percent of threats that are identified and investigated in the risk management process can be eliminated. As we looked earlier, risks are identified during planning and they may or may not happen. When risk do not happen, they may present a positive impact or are considered as a “good risk” for the project. A positive impact is referred to as an Opportunity. While risks cannot be eliminated fully, solid risk management methodologies can result into elimination of risk upto 90%. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-8

Risk Factors The probability that it will occur (what) The range of possible outcomes (impact) When is it expected to happen (when) The frequency at which it will happen (how often) Risk Averse Someone who does not want to take risk (play it safe) Project risk management involves identifying risks early on in the project. Risks an be related to the resources (team), financial, or contractual. What are the risks that you think can derail the project. And when these risk events happen, how would you handle them? It is a best practice to look ahead and foresee any potential issues that might happen during your project. Proper risk projections and creating a rule book can save trouble during the peak of the project. For example, if you are sharing resources (team members) with another project manager in the program, then you would need to specify a set of defined rules should any conflict occur during the execution phase of the project. It is better to highlight the milestones of your project with the team members and the other project manager so that they are aware of your deadlines. There should be a contingency plan should the timelines shift during the project. Another example of a risk event that can occur is when a lead developer decides to take time off for personal reasons. The impact of such event could put the project completion date to be moved. To properly plan for such an event would be to get to know your team early on and have a collaborative dialogue to ensure any upcoming events are shared with you by the team for you to plan your risks. It is good to have a shared project calendar detailing any time off by the team members. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-9

Input to and output of Risk Management – Group Activity – 30 Minutes Divide Class into 3 groups (3 to 4 students in each group) Discuss and brainstorm the inputs/outputs Present your inputs/outputs to the rest of the teams Check and compare your inputs/outputs with PMBOK® Guide, Fifth edition Perform exercise on page 376, 377 on Rita’s book. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-10

Plan Risk Management Deciding how to approach and plan the risk management activities for a project. Risk management Plan may include: Methodology : Defines the approaches, tools and data sources that may be used to perform risk management on the project. Roles and Responsibilities : Defines the lead, support and risk management team membership for each type of action in the risk management plan. Budgeting : Establishes a budget for risk management for the project. Timing : Defines how often the risk management process will be performed throughout the project life cycle. Risk Categories : Risks could be internal, external, technical, and unforeseeable. Risk Probability and Impact : What’s the probability of a risk event happening and its related impact. Stakeholders Tolerance and thresholds : Stakeholders tolerance and thresholds criteria for risks that will be acted upon, by whom, and in what manner. Scoring and Interpretation: Scoring and interpretation method appropriate for the type and timing of the qualitative and quantitative risk analysis being performed. Reporting Formats: Describes the content and format of the risk response plan. Tracking : Documents how all the facets of risk activities will be recorded for the benefit of the current project, future needs and lessons learned. Types of Risks : Business risks (Risk of a gain or loss) and Pure (insurable) risks .i.e. only a risk of loss (i.e. fire, theft, personal injury, etc.) As discussed early on, creating the rule book during the planning phase is crucial for planning risk management. Rule book can be a handy reference when the risk actually occurs. During the planning stage, the team members plan on identifying risk events. They prioritize and rank them. And then identify how to address them. There are various activities that can help with the process including specifying the methodology for risk management, addressing roles and responsibilities for the team members, financial management including budgeting, specifying timing for risk event and how often risks management process will be performed during the project life cycle. Additionally activities in planning risk management include listing various risk categories, determining the probabilities of risk events and impact, identifying stakeholders tolerance and thresholds, scoring and interpreting methods appropriate for the type and timing of the qualitative and quantitative risk analysis to be performed, determine the risk response format, documenting of risk activities and listing types of risks that will be addressed such as business, pure risk etc. Now let’s check why we need to be focused on having an effective risk management plan? Effective risk management reduces the ineffective use of the budget and it is the way to ensure that all resources are utilized efficiently. It provides assurance that an organization can create and implement an effective plan to prevent losses or reduce the impact if a loss occurs. A good risk management plan includes strategies and techniques for recognizing and confronting these threats. It provides solutions for both preventing and solving unnecessary situations and brings forward any opportunities that may exist. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-11

Plan Risk Management Class Group Activity – 30 Minutes Divide Class into 3 groups (3 to 4 students in each group) Discuss and brainstorm the inputs/outputs Present your inputs/outputs to the rest of the teams Check and compare your inputs/outputs with PMBOK® Guide, Fifth edition No notes. Class Activity Slide. No Audio PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 4-12

Identify Risks Defined as “determining which risks might affect the project and documenting their characteristics” All stakeholders as well as experts from other parts of the company or outside the company may be involved in indentifying the risks. The core team will begin the process and then the other members will become involved , making risks identification an iterative process. Project Managers should start looking for risks as soon as possible. Risk Categories Technical, quality , or performance risks – such as reliance on unproven or complex technology, unrealistic performance goals, changes to the technology used or to the industry standards during the project. Project Management Risks – such as poor allocation of resources, inadequate quality of the project plan, poor use of the project management disciplines. Organizational risks – such as cost, time, and scope objectives that are internally inconsistent, lack of prioritization of the projects, inadequacy or interruption of funding, and resource conflicts with other projects in the organization. External Risks – such as shifting legal or regulatory environment, labor issues, changing owner priorities, weather related risks (earthquake, flooding etc) As we know already, identify risk is the process of determining which risks may affect the project and documenting their characteristics. The very first question we ask is this: Who is responsible for risk identification? Well, in a word Everyone! Project manager, team member, risk management plan, stakeholders and risk management experts. The team is involved first and then the rest of the experts get involved. This is an iterative process and Subject Matter Experts (SMEs) can be involved as the process continues. The sooner the risks are identifies, the better they can be managed, That is why the project managers should start this activity early on in the projects. Second question is when should we identify risk? As risk identification is an iterative process, new risk become known as the project progresses through its life cycle. The risk event can happen due to many reasons and it can be categorized as following: Technical, quality or performance Risks; Project management Risks; Organizational Risks; and External Risks In identifying risks, project manager and the team considers reviewing risk registers from similar previous projects for lessons learned. Risk response is documented in your plan. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-13

Identify Risks Class Group Activity – 30 Minutes Divide Class into 3 groups (3 to 4 students in each group) Discuss and brainstorm the inputs/outputs Present your inputs/outputs to the rest of the teams Check and compare your inputs/outputs with PMBOK® Guide, Fifth edition No notes. Class Activity Slide. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 4-14

Risk Identification Tools and Techniques
Information Gathering Techniques: Brainstorming- Usually done in a meeting where one idea helps generate another. Delphi technique - Way to reach a consensus of experts on a subject. Interviewing – Consists of a team or project manager interviewing an expert to identify risks on the project or a specific element of work. Strengths, weaknesses, opportunities and threats (SWOT) Analysis – An analysis that looks at the project to identify its strengths etc and thereby identify risks. Checklist Analysis – Checklist is used to help identify specific risks within each category. Assumptions Analysis – Analyzing what assumptions have been made on the project which may help identity more risks. Diagramming Techniques – Similar diagramming techniques can be used to identify risks as used in Quality Management. Triggers: Sometimes called risk symptoms or warning signs, are indications that a risk has occurred or is about to occur. Example: Missing a deadline on an activity on critical path means there is a chance that you will miss the project deadline. Various risk Identification tools and techniques can be utilized to identify risks. Documentation review and information gathering techniques are two techniques team uses for risk identification. Documentation review is a structured technique includes plan, assumptions, project files, contracts and other information. Information gathering techniques involves various methods including Brainstorming, Delphi technique, interviewing, SWOT Analysis, Checklist Analysis, Assumptions Analysis, and Diagramming Techniques. Brainstorming is one of the technique, project teams usually performs to obtain a comprehensive list of project risks. Delphi Technique is a way to reach a consensus of expert. Advantage of the technique is that it reduces bias in the data and keeps any one person from having undue influence on the outcome. Interviewing experienced project participants, stakeholders, and subject matter experts can identify risk. Risk identification checklists can be developed based on historical information and knowledge that has been accumulated from the pervious similar projects and form the source of information. In assumption analysis, every project and every identified project risk conceived and developed based on a set of hypothesis and assumption. Diagramming method include cause and effect diagram, system and process flow chart and influence diagram. SWOT analysis examines projects from each of strength, weakness, opportunity or threat perspective to increase the breadth of identified risks by including internal generated risks. Risks triggers are warning signs that indicated that a risk has occurred or is about to occur. For example, if a deadline on a critical path activity has missed, it is likely that the project will not meet its completed target date. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-15

Qualitative Risk Analysis
Process of accessing the impact and likelihood of identified risks. Determine which risk events warrant a response. Document non-critical, or non-stop risks. Prioritizes risks according to their potential effect on project objectives. Probability and Impact: One of the ways to help rank risks is to analyze the probability of a risk occurring and the effect of the risk on the project. Determine the probability of each risk occurring - usually in the form of taking and educated guess. (e.g. low, medium, high) Determine the consequences of each risk occurring – also in the form of an educated guess. (low, medium, high) Assumption Testing: “What assumptions have been made?” Before the project manager can use the risk information collected, assumptions made must be identified. Qualitative risk analysis is the process of prioritizing risks for further analysis or actions by accessing and combining their probability and impact. Project manager make an assessment of the impact and likelihood of identified risks should they occur. Project manager determine which risk requires a response and document non-critical risks. They give a high, medium or low ranking to each risk event. This can by done by an educated guess, input from Subject Matter Experts (SMEs), and reviewing documentation of previous projects with similar risks. Perform qualitative risk analysis is usually a rapid and cost effective means of establishing priorities for plan risk response and lays the foundation for perform quantitative risk analysis. The analysis processes should be revisited during the project life cycle to stay current with the changes in the project risks. Another important thing that should have considered is to test the assumptions that are made during the process and they should be validated. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-16

Class Group Activity – 30 Minutes Divide Class into 3 groups (3 to 4 students in each group) Discuss and brainstorm the inputs/outputs Present your inputs/outputs to the rest of the teams Check and compare your inputs/outputs with PMBOK® Guide, Fifth edition PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 4-17

Quantitative Risk Analysis
Quantitative risk analysis process is to analyze numerically the probability of each risk and its consequences on project objectives. Determine which risks warrant a response. Determine the quantified probability of meeting project objectives e.g. “We only have an 80% chance of completing the project within 6 months.” Identify risks requiring most attention. Create realistic and achievable cost, schedule or scope targets. PMI suggests that quantitative method is preferable to qualification because it is less subjective and is a better approximations of actual probabilities and consequences. Another way to perform risk analysis is quantitative analysis where you quantify a risk. Risks are prioritized based on the likelihood or probability of occurring and determining the potential effect on a project. This is done assigning a mathematical value to each risk event in a project and the probability of that event occurring thereby getting a numerical value for it. Then all of the numerical values for individual risks in the project can be added up to obtain an overall numerical value for the total risk of the project. For Example, We have an 80% chance of completing the project within 6 months. And if this event happens the consequences will be “x” amount of dollars in lost billing etc. Once a numerical value is obtained for each identified risk in the project, they can be ranked and the high risk items can be given the most attention. The can help obtain realistic cost, schedule and scope targets. When given a choice, PMI’s preferred method for risk evaluation is quantitative over qualitative methods because it is less subjective and is a better way to obtain approximations or actual probabilities and consequences. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-18

Class Group Activity – 30 Minutes Divide Class into 3 groups (3 to 4 students in each group) Discuss and brainstorm the inputs/outputs Present your inputs/outputs to the rest of the teams Check and compare your inputs/outputs with PMBOK® Guide, Fifth edition No notes. Class Activity Slide. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 4-19

Data Precision Ranking “How well understood is the risk?” Before the project manager can use the risk information collected, they must also analyze the precision of the data – how good is the data? Risk Rating Matrix: In order to sort or rate risks so a determination can be made as to which risks will move on through the risk process, a risk rating matrix may be used. Outputs from Qualitative Risk Analysis: Risk rating of the project. List of prioritized risks. List of risks created for additional analysis in risk quantification or risk response planning. Non-critical or non-stop risks documented for later revisit during risk monitoring and control. The project can be compared to the overall risks of other projects. The project could be selected, continued, or terminated. Resources could be moved between the projects. Some of the qualitative Risk Analysis methods that are utilized by the Project managers include Data Precision Ranking, Risk Rating Matrix and Output from Qualitative Risk Analysis. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-20

Decision Tree: A decision tree takes into account future events in trying to make a decision today. It calculates expected value (probability time consequences) in more complex situations than the expected value. Perform exercise Rita’s Pg 389/390 Decision tree is tool you use for quantitative risk analysis. In Rita’s exercise on Page 389, it is cheaper to build the prototype then not building the prototype. This is illustrated in the example in a decision tree format where the cost of the building the prototype is compared with no-prototype development. By doing this quantitative analysis, the decision is easier to make. In this case, the impact of building the prototype building has less impact. Please refer to Rita’s book page 389/390. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-21

Monte Carlo Simulation: Evaluates the project and not the task. Provides the probability of completing the project on any specific day, or any specific account of cost. Provides the probability of any task actually being on the critical path. Provides a percent probability that each task will be on the critical path. Translates uncertainties into impacts to the total project. Can be sue to assess cost and schedule impacts. Is usually done with a computer-based Monte Carol program. Results in a probability distribution. Outputs from Quantitative Risk Analysis: Prioritized list of quantified risks Forecasts of potential project costs or schedule. Listing of the possible project completion dates and costs with their confidence levels. Probability of achieving the required project cost or schedules objectives. Documented list of not-critical, not-top risks. Other Quantitative methods utilized by project managers include Monte Carlo simulation, which evaluates the project and not the task. It provides the probability of completing the project on any specific day or account of cost. It is good to provide probability of any task being on the critical path. It helps translates uncertainties into impacts to the total project and can be used to assess cost and schedule impacts. Monte Carlo method is usually utilized for specialized industries and complex projects. Generally, Monte Carlo projects are done using a computer program and results in a probability distribution. Now, we have learn so many this for risk planning, let us make a quick summary. The main output of all the risk planning process is update risk register Qualitative and quantitative risk analysis is all about ranking risks based on probability and impact Decisions tree analysis on kind of expected monetary value analysis that focus on adding up all the costs of a decision being made on a project. Watch list are also important. They let us monitor lower priority risks so that we can see if triggers for those risks occur and we need to treat then as higher priority. All the process in risk managements are in planning and monitoring & controlling areas. There is no executing process here. Let’s proceed for risk response planning now. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-22

Review Question Joe joined as a project manager in an organization where his manager asks him to analysis of risks for project giving a draft charter. What should help Joe best in this situation? A. A website for PM network B. Enterprise environmental factor C. Resource plan from project planning D. Lesson learns document from the previous project that failed earlier Correct Answer: D PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-23

Review Question An output of Risk Identification is: A. A risk register. B. Expected monetary value of the risk events. C. Corrective actions. D. The plan for mitigation. Correct Answer is: A PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-24

Review Question A thorough review of ______________will help identify potential risks to the project. A. Risk identification checklists based on historical information and knowledge B. The project’s change control system C. The project’s mission statement D. The project’s budget Correct Answer is A PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-25

Review Question As an output of Quantitative Risk Analysis, the risk register is updated. These updates include: A. Prioritized list of quantified risks B. Probabilistic analysis of the threats to ignore and opportunities to accept C. Checklists, corrective actions, and quantified decision trees D. Direction, resources, and costs Correct Answer is: A PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-26

Review Question The Delphi technique has all of the following characteristics EXCEPT: A. It is a way to reach a consensus of experts on a subject such as project risk. B. It is a technique in which project risk experts participate anonymously. C. It helps reduce bias in the data and keeps any one person from having undue influence on the outcome. D. It is an ancient Greek technique to ensure that actions of subordinates are aligned with the vision of senior executives. Correct answer is: D PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-27

Risk Response Planning
Involves finding out ”What are we going to do about it” It involves finding ways to make the negative risk smaller or eliminate it, as well as finding ways to make positive risks more likely or greater in impact. Strategies are agreed upon by all parties. Primary and backup strategies are selected. Risks are assigned to individuals or group to take responsibilities. Risk Owner: Each risk must be assigned to someone who will help develop the risk response and who will be assigned to carry it out or “own” the risk. The risk owner is then free to take predetermined action when risks occur resulting in faster action, and less cost, time and other impacts on the project. Risk response planning involves identifying the response to each risk events. This can be registered in the risk register for later reference. What are the strategies for risk mitigation? It involves finding ways to eliminate the smaller risks and minimizing the impact of larger risks. The strategies are agreed upon by all parties. There can be primary as well as back up strategies to risk responses. Just like the project tasks, risks can be assigned to individuals or departments within the organization and risk owners are identified in the risk register. Moving on to risk owner now. Managing risk is one of an owner’s most important functions in making any major project successful. In general, the owner is initially responsible for all of the project risks, as it is usually the owner’s decision to execute the project or not. The owner has the ultimate responsibility for identifying, analyzing, mitigating, and controlling project risks, including acceptance of the project risks, or modification, or termination of the project; all of which are project risk management activities. This is true whether the project execution is managed directly by the owner or by contractors under the owner’s supervision. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-28

Class Group Activity – 30 Minutes Divide Class into 3 groups (3 to 4 students in each group) Discuss and brainstorm the inputs/outputs Present your inputs/outputs to the rest of the teams Check and compare your inputs/outputs with PMBOK® Guide, Fifth edition No notes. Class Activity Slide. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 4-29

Risk Response Strategies: Developing options and determining actions to enhance opportunities and reduce threats. Avoidance : Changing the project plan to eliminate the risk or condition or to protect objective from its impact. Mitigation : Reduce the probability or the consequences of an adverse risk and increase the probability or consequences of an opportunity. Acceptance : Do nothing and say. “If it happens it happens”. Active acceptance may include developing a contingency plan to execute, should a risk occur. Passive acceptance requires no action, leaving the project team to deal with the risks as they occur. Transference : Risk transference is seeking to shift the consequence of a risk to a third party together with ownership of the response. Transferring the risk simply gives another party responsibility for its management, it does not eliminate it. For e.g. purchasing of insurance, warranties, guarantees, or outsourcing the work. Perform exercise Rita’s pg 394 When Selecting risk strategies, it is important to remember: Strategies must be timely. The effort selected must be appropriate to the severity of the risk – avoid spending more money preventing the risk than the impact of the risk would cost if it occurred. One response can be used to address more than one risk. Involve the team, stakeholders, and experts in selecting a strategy. Let us move through detail analysis of risk responses. In absence of effective risk management processes, the teams may be interested to rush into developing responses for risks that are identified but not evaluated. Risk responses consume resources, so these responses should deliver value to the project. Minus an understanding of the causes and impact of each risk, the selected risk responses may be unnecessary. If risk identification is not performed well, some risk events may be missed. When resources are scarce and potential risks are numerous, quantitative Risk analysis will ensure that project resources are directed to the most effective risk responses. Each identified risk that is significant enough to affect project objectives will need at least one risk response. There are several categories of responses. Some are intended to prevent risks, some are intended to protect the project objectives from risk, and some are reactive. These categories are sorted by negative risks or threats, positive risks or opportunities. The choice of response may also be influenced by other factors, such as the organization's culture, regulations, and industry standards. Let see both options with example. Options for dealing with negative risks or threats include avoid, mitigate, transfer and obviously accept. There are many ways to avoid risks: Change the project plan to eliminate the risk Relax the project objective that are at risk Change the project plan to retain the project objectives from its impact Improve performance through better communication and acquiring expertise and information Change the scope by clarifying requirements Transfer shift the consequence of a risk and ownership of the response to a third party. Insurance policies and outsourcing are examples of transference. This option is commonly used if the risk is too great or if outside experts are needed to manage the risk. Mitigate reduces the probability or consequences of an adverse risk event to an acceptable threshold. Some of the activities for mitigation may end up on the project schedule and as such can cause a change to the original project schedule and project budget. This is one purpose why it is a good idea to start the risk management processes early. Options for dealing with positive risks or threats include exploit, share, enhance as well as accept. Exploit directly exploit risks with positive impacts to take advantage of an opportunity for improved project performance. Share allocate ownership of the risk to a third party more capable of capturing the positive risk or opportunity. Incentives are built into the partnership to encourage this. Enhance identify and maximize key drivers for opportunities, thereby strengthening the impact or increasing the probability of the positive risk event. Strategies for both threats and opportunities include: Accept is to do nothing and used when there is no possibility of elimination or when the costs are prohibitive. In selecting risk strategies, it is important to consider the timeliness, severity, team involvement and other factors that will swiftly and efficiently address risks. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-30

Review Quiz Which one of the following is not a risk response strategy? Avoidance Acceptance Rejection Mitigation The correct answer is C. Rejection is not one of the risk response strategies. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-31

Outputs from Risk Response Planning: Developing options and determining actions to enhance opportunities and reduce threats. Residual Risks : Are those that remain after avoidance, transfer or mitigation responses have been taken. Secondary Risks : Arise as a direct result of implementing a risk response. Contingency Planning : Planning the specific actions that will be taken if a risk event occurs or planned response. Fallback Planning : Specific actions that will be taken if the contingency plan is not effective. Risk Response Plan : A written document that captures the risks you identified and what you plan to do about them. The project manager should also record non-critical risks so that they can easily be revisited during the executed phase. Revised Project Plan : The efforts spent in risk management will result in changes to the project plan. Tasks could be added, removed, or assigned to different resources. Reserves : Formulating the amount of time or cost that needs to be added to the project to account for risk. Moving on to risk response outcome now. Some important points to remember. Secondary risks are risks that come from a response you have to another risk. If we dig a trench to stop landslides from taking out our camp, it’s always possible for someone to fall into the trench and get hurt. Residual Risks are those that remain after our risk responses have been implemented. So, even though you reinforce your tent stakes and get weatherproof gear, there’s still a chance that winds could destroy your camp if they are strong enough. We may have some residual risks and secondary risks. So we have to pay attention to those risks as well. Another outputs are contingency planning and fall back planning. We may need to revise your fallback plan as necessary. We may have to revise your project budget and plan for reserves. There are contingency and management reserves. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-32

Review Quiz A secondary risk is defined as: The second risk that occurs on the project A risk that occurs as a result of implementing a risk response An unforeseen risk An expected risk The correct answer is B. A secondary risk is one that occurs as a result of implementing a risk response. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-33

Control Risks Keeping track of the identified risks Implementing risk responses Looking for the occurrence of risk triggers Monitoring residual risks Identifying new risks Ensuring the execution of risk plans. Evaluating the effectiveness of risk plans. Developing new risk responses. Communicating risk status and collecting risk status. Communicating with stakeholders about risks. Determining if assumptions are still valid. Revisiting low ranking or non-critical risks to see if risk responses need to be determined. Taking corrective action to adjust to the severity of actual risk events. Looking for any unexpected effects or consequences of risk events. Reevaluating risk identification, qualification, and quantification when the project deviates from the baseline. Updating risk plans Making changes to the project plan when new risk responses are developed. Creating a database of risk data that may be used throughout the organization on other projects. We already know, risk monitoring and control is the process of keeping track of the identified risks, monitoring residual risks and identifying new risks, ensuring the execution of risk plans, and evaluating the plans' effectiveness in reducing risk. The process continues on until the project is complete. Throughout the process, the risk owners track identified risks, reveal new risks, implement risk response plans, and gage the risk response plans effectiveness. The key point is throughout this phase constant monitoring and due diligence is key to the success. After the risk owner has gathered together all of the inputs, it is time to engage in risk monitoring and controlling. The best practices provided by PMI are Risk Reassessment, Status Meetings, Risk Audits, Variance and Trend Analysis, performance measurements and Reserve Analysis. In monitoring and controlling risk, the idea is to make sure that you are on plan and it is being monitored. Each one of these activities are important during the monitor and control process. We may update your risk plan as your continue through the process. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-34

Control Risks Class Group Activity – 30 Minutes Divide Class into 3 groups (3 to 4 students in each group) Discuss and brainstorm the inputs/outputs Present your inputs/outputs to the rest of the teams Check and compare your inputs/outputs with PMBOK® Guide, Fifth edition PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 4-35

Control Risks Risk Response Audits: Examining and documenting the effectiveness of the risk response and the person managing the risk. This is an important step in order to see if the plans put in place are effective and if changes are needed. Risk Reviews: Team needs to periodically review risk plans and adjust as required. Risk should be a major topic at team meetings to keep focus on risks and to make sure plans remain appropriate. Outputs from Risk Monitoring and Control: Workarounds: Unplanned responses to risks or dealing with risks that you could not or did not anticipate. Corrective action: consists of performing the contingency plans or workaround. Changes to the Project: Implementing contingency plans or workarounds frequently results in a requirement to change the project plan to respond to risks. Updates to risk response plan: It is wise to always re-evaluate whether the plans need any correcting or adjusting after each unidentified ir identified risk occurs. Risk Database: A repository that provides for collection, maintenance and analysis of data gathered and used in the risk management process. Continuing with monitoring and control, let’s get some detail knowledge. Risk reassessment is generally addressed at the status meetings. Throughout the project, new risks arise, identified risks change, and some risks disappear. To assure team members remain aware of changes in the risk, they are reassessed on a frequently scheduled basis. Reassessing risks enables risk owners and the project manager to evaluate whether risk probability, impact are changing or new risks are coming into play or old risks have gone. Status meetings provide a forum for team members to share their experiences and inform other team members of their progress and plans. A discussion of risk should be an agenda item at every status meeting. Risk audits studies and documents the effectiveness of planned risk responses and their impacts on the schedule and budget. Risk audits may be scheduled activities, documented in the Project Management Plan or they can be triggered when thresholds are exceeded. Risk audits are often performed by risk auditors, who have specialized expertise in risk assessment and auditing techniques. Variance analysis looks at the difference between the planned and the actual in order to identify undesirable risks. Earned value analysis is a type of variance analysis. Trend analysis involves observing project performance over time to determine if performance is increasing or decreasing using a mathematical model to forecast future performance based on historical results. Technical performance measurement identifies deficiencies in meeting system requirements, provide early warning of technical problems, and monitor technical risks. Reserve analysis makes a comparison of the contingency reserves to the remaining amount of risk to as certain if there is enough reserve in the plan. Contingency reserves are buffers of time, funds, or resources set aside to handle risks that arise as a project moves forward. Outputs from Risk Monitoring and Controlling are Workarounds, Corrective actions, Changes to the project, updates to risk response plan and Risk database. This concludes this chapter. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-36

Chapter Summary Risk Management Overview Risk Management processes Plan Risk Management Identify Risks Perform Qualitative Risk Analysis Perform Quantitative Risk Analysis Plan Risk Responses Control Risks Tools and Techniques utilized in each process Success project management requires planning for, managing, and controlling risks. The Risk Management processes and relevant tools and techniques are: Plan Risk Management Involves planning for: Methodology Roles and responsibilities Types of risks Budgeting Risk categories Risk probability and impact Stakeholders’ tolerance and thresholds Scoring and interpretation Reporting formats Tracking Identify Risks Brainstorming Delphi Technique SWOT analysis Checklist Analysis Assumptions Analysis Diagramming Techniques Perform Qualitative Risk Analysis Data Precision Ranking Risk Rating matrix Perform Quantitative Risk Analysis Decision tree analysis Plan Risk Responses Involves looking at and planning for: Residual risks Secondary risks Contingency planning Fallback planning Creating a risk response plan Control Risks Risk response audits Risk reviews PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-37

End of Chapter Quiz Question 1: After planning for all risks, the team concludes that one risk is unavoidable. This risk can be categorized as: Inevitable risk Unplanned risk Remaining risk Residual risk The correct answer is D. A Residual risk is one that remains after avoidance, transfer, or mitigation responses have been taken. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-38

End of Chapter Quiz Question 2: One team member informs you that he will miss a critical deadline. From a risk management perspective, this is an example of: Qualitative risk analysis Unplanned risk Risk Planning Risk trigger The correct answer is D. This is an example of a risk trigger. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-39

End of Chapter Quiz Question 3: Although junior programmers outnumber seniors programmers on the development team, you decide to use a senior programmer due to the risk of using an inexperienced programmer on a complex, high profile project. This is an example of: Risk tolerance Risk avoidance Risk planning Risk strategy The correct answer is B. This is an example of risk avoidance. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-40

End of Chapter Quiz Question 4: A list of prioritized risks is an output of which process? Perform Qualitative Risk Analysis Perform Quantitative Risk Analysis Risk Response Planning Control Risks The correct answer is A. A list of prioritized risks is an output of Perform Qualitative Risk Analysis. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-41

End of Chapter Quiz Question 5: The project team is in a meeting on risk identification. All the team members are offering ideas that are being written on the board. One idea leads to another idea. This technique is known as: Affinity diagrams Delphi technique Brainstorming Interviewing The correct answer is C. This technique is called brainstorming. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-42

End of Chapter Quiz Question 6: What would project manager do when he receives a request for a change in the project that increases project risk? A. Call the team and analyses the impact B. Discuss with the customer about the impact of change C. Use senility analysis of the risk with the team D. Add expected monetary value of the risk The correct answer is C. This technique is called brainstorming. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-43

End of Chapter Quiz Question 6: 2. Which of the strategies are for negative risks? A. Avoid, Mitigate, Transfer, Accept B. Avoid, Transfer, Mitigate C. Avoid, Transfer, Exploit, Mitigate D. None of the above Answer: A The correct answer is C. This technique is called brainstorming. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-44

End of Chapter Quiz Question 7: Which of the strategies are for negative risks? A. Avoid, Mitigate, Transfer, Accept B. Avoid, Transfer, Mitigate C. Avoid, Transfer, Exploit, Mitigate D. None of the above The correct answer is A. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-45

End of Chapter Quiz Question 8: To be successful, the organization should be committed to addressing the management of risk: A. Just before a meeting with a client B. Proactively and consistently throughout the project C. As soon as time and cost estimates are ready D. Early in the execution phase The correct answer is B. Risks are better managed when they are proactively addressed PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-46

End of Chapter Quiz Question 9: Outputs from Risk Response Planning include all of the following EXCEPT: A. Risk register updates B. Corrective actions C. Risk-related contractual agreements D. Project management plan updates The correct answer is B. Corrective actions are not an output from risk response planning PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-47

End of Chapter Quiz Question 10: The outputs from risk monitoring and control include all of the following EXCEPT: A. Requested changes B. Work breakdown structure (WBS) C. Recommended corrective actions D. Updates to the risk register. The correct answer is B. Work break down structure (WBS) is not an output from risk monitoring and control process. PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-48

End of Chapter Quiz Question 11: Decision tree analysis has all of the following characteristics EXCEPT: A. It is usually structured using a decision tree diagram that describes a situation under consideration, and the implications of each of the available choices and possible scenarios. B. It incorporates the cost of each available choice, the probabilities of each possible scenario, and the rewards of each alternative logical path. C. It is primarily a descriptive technique and cannot be effectively used in quantitative risk analysis. D. Solving the decision tree provides the expected monetary value for each alternative, when all the rewards and subsequent decisions are quantified. The correct answer is C. Decision tree is a quantitative technique used for analysis purpose PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-49

End of Chapter Quiz Question 12: Expected monetary value (EMV) analysis has all of the following characteristics EXCEPT: A. It is a statistical concept that calculates the average outcome when the future includes scenarios that may or may not happen. B. The EMV of opportunities will generally be expressed as positive values, while those of risks will be negative. C. EMV analysis cannot be used effectively in decision tree analysis. D. EMV is calculated by multiplying the value of each possible outcome by its probability of occurrence, and adding them together. The correct answer is C. Corrective actions are not an output from risk response planning PMP, CAPM, PgMP, PMI-SP , PMI-RMP, OPM3 and PMBOK are registered marks of Project Management Institute, Inc Inov8Solutions Inc – Quality Educational Services For Professionals 11-50

Chapter 11 Risk Management

Similar presentations

Presentation on theme: "Chapter 11 Risk Management"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Chapter 11 Risk Management

Similar presentations

Presentation on theme: "Chapter 11 Risk Management"— Presentation transcript:

Similar presentations

About project

Feedback